The world, in the last decade, has moved towards globalization and is increasingly moving towards digitization. The access, availability and reliability of the internet has enabled effective communication channels for millions of businesses. The affects are not just limited to business but 42% of the global population has social media penetration with developed regions having penetration rates of over 60%. Digital adoption once started as an option has now become a necessity. According to a survey by Forbes insight, 101 executives from North American financial services sector believe that 25% of their future growth will be driven by digital strategies they employ.
This has created an influx of commercial and personal data creation. The easy availability of vast data sets, and the sensitive nature of most of it has made it a very valuable target.
This brings into question the importance of cybersecurity. Cybersecurity mainly consists of methods used to protect data, processes, and the systems prevalent online from external, third-party threats. The assurance of protection from these threats is what helps any business establish trust with its users. Trust is the basic foundation of operation when engaging with consumers – aspects such as privacy protection are taken very seriously and any breach of this privacy results in the severing of ties between the business and the consumer.
Types of Cyber Security Attacks
Cyber-attacks are not just limited to individuals or businesses but now governmental institutions and larger organizations are also being targeted, e.g. 2008 cyber-attack on pentagon, 2011 cyber-attack on G20 summit files in France, and many more are examples of the extent of such attacks.
Cyber-attacks can be for various reasons, some of these are listed below:
- Destructive Attacks
- Government Espionage
- Corporate Espionage
- Cyber Terrorism
- Personal Data Theft
- Financial Data Theft
The list provided above is not exhaustive by any means. We can categorize cyber-attacks in two broad categories listed below:
- Active attack – creates disruption and is used to alter resources or affect operations.
- Passive attack – listens silently and is used to gather critical and compromising information.
Cyber-attacks can be done in multiple ways but the most common cyber-attacks which are pertinent to this discussion are those consisting of malware, SQL injections, phishing, Denial-of-Service (DoS) and Cross-Site Scripting (XSS). These are done through encrypted emails or removable storage media. The approach to tackle malware varies drastically between small-scale and large-scale businesses. For small businesses, a three pronged basic approach can be taken which focuses on strengthening the company’s firewall and being equipped with the latest anti-malware and anti-virus software. Bigger businesses need greater protection and consequently a more comprehensive approach along with substantial investment is required.
2017 saw the rise of ATM breakdowns of various strong financial companies through malware, and this was also met with bank domains getting infiltrated and compromised. Russian banks alongside banks in the U.S were hit the hardest. The US government has issued warnings to financial institutions and ATM manufacturers to improve the security of these machines.
An example of this is SQL injection which is one of the most commonly used global hacking methods. According to Akamai report, roughly 50% of all web attacks involve SQL injection. It is a code injection technique which uses malicious code to manipulate databases into revealing sensitive information. The anatomy of this type of attack is complex but can still be tackled effectively through accountability and authentication of inputs using parameterized procedures.
Phishing, as opposed to SQL injections and malware, attempts to target individuals or businesses via email, telephone or text messages for malicious reasons under the guise of a legitimate organization. Unsuspecting individuals are lured into providing sensitive information about themselves such as log-in credentials, credit card numbers, pin codes, and other such information. To protect against phishing, businesses need to be aware of its various types such as deceptive and spear phishing. Protection can further be done by engaging in security promotion mechanisms and browsing sensibly with HTTPs.
Impacts of Cybercrime
The monetary impact of cybercrime has been the greatest on the financial industry, simply because of its sensitive nature of managing money. The cyber-climate is changing every day and becoming more complex and difficult to deal with. An example of this can be the SWIFT hack which shows how migration towards computers and online networks has not always been effective and safe. Additionally, the hacking of JP Morgan, VISA and Master card, shook not only the United States but the entire world.
Denial-of-Service attacks have also surfaced in recent years and are becoming a part of the hacker’s mix. DoS has certain trademark characteristics such as slowing down your network and hindering access to your desired website. There has been a massive wave of DoS attacks against banks recently. In February 2018, numerous attacks against Dutch banks were observed.
Another aspect that needs to be discussed is Cross-Site Scripting and how it is impacting the hacking mix. This type of attack results in the injection of malicious client side scripts and is known for taking advantage of a website’s vulnerabilities. The prevention of this sort of hack involves using a security development lifecycle in one way or the other.
According to a survey by Norton Cyber Security Insight report, 978 Million people experienced cyber-attacks in 20 countries around the world in 2017, which is almost 40 times the population of Australia. Cumulatively the victims of cyber-crimes globally lost $172 Billion in 2017 alone. On average each victim spent 24 hours dealing with the aftermath of such attacks.
Threats of Hacking
The internet has become a vast playing ground and while financial institutions continue to mould it for their own benefit, so do hackers. Open banking has become both a threat and an opportunity. The inherent idea of open banking revolves around the fact that a user will be able to open up his transactions and financial data to other companies. This will make transactions and the processing of data much smoother, and will enable companies to offer a new range of services such as those involving budgeting advice. This will essentially give users more control over their finances and encourage them to have greater involvement. It will also result in increased competition and ease of switching.
Now while it may promote efficiency and productivity by cutting down time, it also opens up doors to new levels of risk in the world of cybersecurity. Before open banking becomes more widespread, it is necessary that the issue of hacking is curbed to a certain extent, enabling a more transparent and safe flow of information.
Cybercrime Laws and Policies
It needs to be remembered that legislation and policies have been passed to deal with cyber threats by strengthening cybersecurity. So on a broader spectrum, there are certain measures being worked on to enhance security and to make sure the mediums through which financial institutions employ their services are safe. It is great to see not only developed countries, but also developing nations employing and enforcing laws such as the Cybercrime Act of 2008 in Algeria or the Cybercrime Law of 2003 in Niger. The Budapest Convention is the first binding international instrument on this topic. It helps to provide guidelines in developing comprehensive national legislation against Cybercrime.
Future of Cyber-attack Protection
Blockchain is the new buzz word in the industry. Unlike many other fads, Blockchain technology is highly expected to have an impact and is here to stay. The need and demand for the open banking eco-system has given rise to Blockchain in the financial sector which has promised to help secure the financial data for now until other applications of Blockchain are explored. As Dorothea Dix quoted “Every Evil has its good and every ill an antidote”, so Blockchain is an antidote to some types of financial cyber-attacks.
Furthermore, Blockchain will speed up the digitization of financial information and transactions. It will help to rewrite old-legacy structures into modern decentralized structures which are highly secure. Numerous FinTech companies are experimenting with Blockchain technology, amongst which NETSOL technologies is also investing in Blockchain in order to leverage the benefits of the technology for its customers.
The financial sector is experiencing incessant change with regards to its environment and methodology. In this varying landscape, there is also an alteration in the methods employed by hackers, which is why the regulations and safety measures must also be consistently updated.
Governments and institutions have an uphill battle ahead of them when it comes to curbing the issue of hacking, but this battle can only be won if a concerted strategy is devised and followed by all stakeholders. Additionally, continued technological updates need to be deployed to battle the menace of cyber-attacks as open banking services along with newer leasing technologies are fast becoming a reality for the world.
Written by Abbas Leghari, Head of BD & SMO at NETSOL Technologies Inc.